Wednesday, 30 March 2011

Today’s “Privacy & Data Anonymisation” seminar, sponsored by the ICO at the offices of the Wellcome Trust in Central London, will cause a few headaches for regulators, data controllers and everyone else alike. Transparency is currently occupying a central part of the Government’s agenda. It’s seen as the way to ensure that public bodies are more transparent, democratic and accountable. That seems to be a good thing. Ahead we see the rise of the transparency activist, whose calls for action will be just as strident as those of the privacy activist. They are not, necessarily, combatants occupying different ends of a continuum, however. The trick, if we can all pull it off, is to ensure that the benefits that will be obtained from transparency will not be significantly offset by detriments to personal privacy.

The seminar, chaired by Christopher Graham and subsequently David Smith, gave a range of distinguished experts an opportunity to generally agree with each other about the challenges ahead. There was tacit acceptance that, in this ever more closely connected world, the concept of true anonymity is redundant. It is a term of fiction. And more people will come to accept this as a statement of fact in the next few years.

The assessment has to move on to working out whether data which can benefit society as a whole should be withheld just because there is a “small” risk that individuals can be identified. From the floor, Caspar Bowden was given the opportunity to ask some of the more difficult questions. Questions such as what happens when it goes wrong and those who are identified are unhappy about this? What collective redress mechanisms should be in place to deter the maliciously minded?

The discussion turned to issues of confidentiality – and an acceptance that life was so complicated that, for most practical purposes, legitimising data processing by obtaining an individual's consent is not really going to be an option. I suspect that the legitimate interests of the data controller condition will become even more widely relied upon. The difficulties of turning a fair processing statement into language that an ordinary person would actually want to read, let alone understand, are overwhelming. But, particularly in the medical research context, while it may be impractical to seek consent for such processing, it is inexcusable for the information not to remain confidential. We heard a few examples of the very significant benefits that could be obtained when information about people with very rare and peculiar medical conditions was shared – to the benefit of the treating doctors and obviously to the patients themselves.

What was clear was that the way forward was not one where it would be appropriate to rely on an answer which depended wholly on either technology or regulation. Technology won’t give us all the answer as it merely fuels an arms race between the statisticians and the data miners. Regulation won’t give us the answer either, as laws, once created, will be years behind the curve – and have political needs to address, rather than practical ones. After all, who really thinks that the revised privacy Directive is going to answer all our privacy problems? (Let alone the problems that will emerge in the near future.)

Actually, the way forward really revolves around behaviours – or more importantly, trust. We will naturally give the Government the initial benefit of the doubt, and I’m sure we will be all be delighted and amazed at the manner in which various public sector data sets can be rehashed to provide us with information which is of real value to us personally.

But – and this is a big but - it will only take a couple for high-profile mishaps to occur before we, the great unwashed, lose confidence in the ability of public bodies to mask the stuff that really causes us personal embarrassment, at which time we will refuse to supply the very information which, when mashed up, caught us on the hop.

The situation is complicated, but it is not hopeless. There is great potential for greater transparency of public information, and we have to be careful that small gains in privacy are not offset by huge losses of utility of this information. There must be combinations of information available which, when mashed up, won’t lead to personal ruin, These we should find. If we believe in transparency, we will have to learn to live with a bit of risk. It’s not data that really needs protecting. Let’s face it. Actually, it’s people, not data, which really need protecting.

Turning the concept on its head, one speaker wondered what we are willing to give up for privacy. Would we prefer to join a social network which we paid to use, or would we be happy with a search engine which was a bit flaky around the edges?

In conclusion, it seems that anonymity belongs to the framework of the old style of data security. Norms are changing, and people are slowly realising this. Trust will replace anonymity in terms of data security. And this trust will be placed in the judgment of people who will have access to vary quantities of information which could well relate to us. If our trust is broken, as a result of the failure of the people (or institutions) to seperate us from information which, if linked, could ruin our established reputation, the result will be a collapse in public confidence which will quickly result in the demise of the Government’s transparency agenda – which does not appear to be a very good outcome for anyone.

There ought to be a very useful ICO report of the proceedings available soon, so I won’t steal any more of its thunder.

Saturday, 26 March 2011

I’m incredibly fortunate to occasionally have the opportunity to meet people whose lives have profoundly influenced me – and often they have also influenced the lives of millions of others. These past few weeks have given me the opportunity to get to know three more, and I want to pay tribute to them today, and explain what gift they have which has left such a great impression on me.

First up is someone I met at the British Library, who talked about an incident in his life which really did change the pace of history. His name - Clarence B Jones. And what did he do? Well, he is the former personal counsel, advisor, draft speech writer and close friend of Dr. Martin Luther King, Jr. And the words he drafted formed the first part of that historic speech that Martin King delivered on the steps of the Lincoln Memorial in Washington DC in August 1963. This was the defining moment of the American civil rights movement. And lets not forget just how influential Martin King has been. As Clarence explained: Except for Abraham Lincoln and the Emancipation Proclamation of 1863, Martin Luther King, Jr., in 12 years and 4 months from 1956 to 1968, did more to achieve political, economic, and social justice in America than any other event or person in the previous 400 years.

Next up is someone I met at the House of Lords, who had arranged for members of the Government Panel of the Worshipful Company of Information Technologists to dine on the terrace overlooking the River Thames. She had played a significant role in a crisis that had engulfed America – and the whole world, the previous winter. As a member of British Naval Intelligence, Pat had been asked to urgently travel to Gibraltar to review photographs of soviet ships that had just passed through the Straits of Gibraltar. Were these ships carrying telegraph poles, or something more sinister, en route to their end destination? Her timely analysis of just what the ships were carrying gave President John F Kennedy more time to deal with what became known as the Cuban missile crisis, and war was averted.

And finally I want to pay tribute to someone I met at the Swedenborg Hall in Bloomsbury a few nights ago. He is an actor who, in 1992, literally blew my socks off when I saw him make his first entrance in Nicholas Hytner’s historic production of Carousel at the National Theatre. For the first time in my experience of the history of professional musical theatre, Mr Enoch Snow and Carrie were case as an interracial couple, and Enoch Snow was played by the amazing Clive Rowe. His first appearance drew gasps of astonishment, as this big black man just seemed to magically rose up through the floor of the stage, and sing with an amazingly rich baritone voice. He completely charmed the entire house within seconds. His performance gelled the cast in what remains one of the NT’s very greatest productions.

What do these three remarkable people have in common? An uncanny conviction that they can face a potentially hostile audience and deliver a message that will bring them on side. A quiet confidence, not arrogance. A belief that by setting out the situation, as they see it, others will be inclined to follow their line of thought. And a sense of purpose and humility, principally acting for others, rather than for themselves.

In essence, they are leaders. Leaders in very different fields, but leaders all the same. But meeting them, I have learnt to discover the essence of their greatness – which relates to their humility. They are brilliant communicators because they open themselves up to their critics. They are not afraid to engage in conversation with people they’ve never met before. They have the confidence to be open because they have no ego to protect. And they are unfailingly polite.

I do hope that I’ll also have the confidence to be open, and have the courage to challenge concepts I feel to be questionable. Why keep it all buttoned up inside me when I could, with some effort, take the time to set out precisely what my point is, and invite others to share – or disagree with that view.

It’s easy to remain quiet – it’s far harder to put your neck on the line and put your thoughts on-line, for everyone to read.

Fortunately the home renovation project has reached the stage where I can begin to focus on my thoughts again, so new postings will commence shortly.

What have learnt about myself from this period of blog abstinence?

The most important lesson is that I’ve missed the opportunity to focus on particular issues which are of personal interest to me. If I’m not careful I can take the easy path through life, and concentrate all the time on issues which are of professional interest – ie those which are directly related to my day job. But I don’t want to do that. I think enough about the day job during the day. This is my opportunity to probe issues that concern me as a citizen. And I’ll increasingly take up this opportunity to review my posting to ensure that what I say in this, most social of social media, is separate to what might be expected of me when act in a corporate capacity.

On this blog I am not my company’s spokesman.

I am a free man.

But hopefully not a loose cannon.

I really should devise a set of rules of social blogging, which should then be published , so that I can later benchmark my posts against those standards. Increasingly companies accept that their employees will use the internet as a means of communicating through a medium that is just as easy to reach mass audiences as can the large corporation, with all its media expertise. But with this equality of arms ought to follow an equal sense of responsibility. So that neither side uses inside knowledge or “freedom of speech” to make disparaging remarks about the other.

I’ve never set out to make disparaging remarks about my employer. I’ve always had far too much to say about other things. And long may that state of affairs continue.

About Me

I'm Martin Hoskins, and I started this blog to offer somewhat of an irreverent approach to data protection issues. As time has passed, the tone of my posts have become more serious.
I'm not a "high priest" of data protection. I focus on the principles of transparency, fairness, practicality, risk-assessment and pragmatism when dealing with issues, rather than applying every aspect of every data protection rule.
While I may occasionally appear to criticise various organisations with which I am or have been associated, I write here in an entirely personal capacity, so these comments should never be taken to represent anyone else's views on what I write about.
I occasionally tweet as @DataProtector.
You can contact me at:
info@martinhoskins.com.